I have the following situation: [Eng-ADS.Test1]---trusts--->[TS-ADS.Test2] ^ | | [Samba Server ] (Member of Eng-ADS.Test1) This is an external trust, and both sides of the trust are established (incoming and outgoing). However, it's a one way trust, in that Eng-ADS.Test1 trusts TS-ADS.Test2, but TS-ADS.Test2 does not trust Eng-ADS.Test1. In this case, winbindd shows the following when I run wbinfo --sequence: sh-2.04# wbinfo --sequence ENG-ADS : 145596 TS-ADS : DISCONNECTED From the log.winbindd at debug level 10 perspective, I get the following: krb5_get_credentials failed for ts-adsdc$@TS-ADS.TEST2 (Server not found in Kerberos database) failed kerberos session setup with NT_STATUS_OK I think I talked to Andrew B. at one point about this, and he said that there was no way this could work, but it's been a while. Windows in this case works fine, ideally we should be able to work with a one way external trust too. This same situation works fine if the one way trusted domain in question is an NT4 domain.
I've got reports that this is working much better in 3.0.11. Please retest and reopen iof the issue is still present. Thanks.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.